@@ -230,6 +230,40 @@ jobs:
230230 Write-Host "Client cert thumbprint: $($clientCert.Thumbprint)"
231231 Add-Content -Path $env:GITHUB_ENV -Value "CLIENT_CERT_SUBJECT=$($clientCert.Subject)"
232232
233+ - name : Create Windows user testuser and authorized_keys
234+ shell : pwsh
235+ run : |
236+ $homeDir = "C:\Users\testuser"
237+ $authKeysFile = "$homeDir\authorized_keys_test"
238+
239+ # Create home dir (profile) for testuser
240+ New-Item -ItemType Directory -Path $homeDir -Force | Out-Null
241+ Write-Host "Created $homeDir"
242+
243+ # Create or update local user testuser with that home (needed for pubkey S4U and SFTP GetHomeDirectory)
244+ $u = Get-LocalUser -Name "testuser" -ErrorAction SilentlyContinue
245+ if ($u) {
246+ Write-Host "User testuser already exists"
247+ } else {
248+ New-LocalUser -Name "testuser" -Password (ConvertTo-SecureString "TestPass123!" -AsPlainText -Force) -FullName "Test User" -Description "CI" -PasswordNeverExpires -ErrorAction Stop
249+ Write-Host "Created user testuser"
250+ }
251+ # Set home to our directory (some GetHomeDirectory implementations use profile; ensure it exists)
252+ Set-LocalUser -Name "testuser" -HomeDirectory $homeDir -ErrorAction SilentlyContinue
253+
254+ # authorized_keys: hansel public key with comment 'testuser'
255+ $pubKey = Get-Content "${{ github.workspace }}\wolfssh\keys\hansel-key-ecc.pub" -Raw
256+ if (-not $pubKey) {
257+ Write-Host "ERROR: hansel-key-ecc.pub not found"
258+ exit 1
259+ }
260+ $pubKey = ($pubKey -replace '\s+hansel\s*$', ' testuser').TrimEnd()
261+ $pubKey | Out-File -FilePath $authKeysFile -Encoding ASCII -NoNewline
262+ # ensure testuser can read (wolfsshd impersonates testuser when checking authorized_keys)
263+ icacls $authKeysFile /grant "testuser:R" /q
264+ Write-Host "Created $authKeysFile"
265+ Get-Content $authKeysFile
266+
233267 - name : Create wolfSSHd config file
234268 working-directory : ${{ github.workspace }}\wolfssh
235269 shell : pwsh
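Review bot: The `New-LocalUser` call in the new step gives `testuser` the literal password `TestPass123!` with `-PasswordNeverExpires`, and the same step authorizes the repository's `hansel-key-ecc.pub` for that account, so both ways into the account are publicly known. On a hosted, throwaway runner that is contained, but nothing visible in this hunk removes the account, so on a self-hosted or reused runner it would persist as a local user that can log in. If password login for `testuser` is not exercised elsewhere in the workflow (not visible here), generate the password per run, e.g. `$pw = ConvertTo-SecureString ([Convert]::ToBase64String([System.Security.Cryptography.RandomNumberGenerator]::GetBytes(24))) -AsPlainText -Force`, and add a cleanup step with `if: always()` that runs `Remove-LocalUser -Name "testuser"`. Separately, `Set-LocalUser ... -ErrorAction SilentlyContinue` hides a failure to set the home directory that the later `AuthorizedKeysFile` lookup appears to depend on; logging the failure would make an authentication error in the SFTP test easier to trace.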
@@ -240,6 +274,12 @@ jobs:
240274 PermitRootLogin yes
241275 "@
242276
277+ # AuthorizedKeysFile: relative to user home (e.g. C:\Users\testuser/authorized_keys_test)
278+ $configContent += @"
279+
280+ AuthorizedKeysFile authorized_keys_test
281+ "@
282+
243283 if ("${{ matrix.server_key_source }}" -eq "store") {
244284 # Get server cert subject from environment
245285 $serverSubject = (Get-Content env:SERVER_CERT_SUBJECT)
@@ -731,8 +771,7 @@ jobs:
731771 $errOut = Get-Content sftp_error.txt -Raw
732772 }
733773
734- # Success indicators: connection established, key exchange completed
735- # Failure indicators: connection refused, key exchange failed
774+ # Failure indicators
736775 if ($output -match "connection.*refused" -or $errOut -match "connection.*refused") {
737776 Write-Host "ERROR: Connection refused - server may not be running"
738777 exit 1
@@ -741,8 +780,16 @@ jobs:
741780 Write-Host "ERROR: Key exchange failed - cert store key may not be working"
742781 exit 1
743782 }
783+ if ($output -match "Couldn't connect" -or $errOut -match "Couldn't connect") {
784+ Write-Host "ERROR: SFTP could not connect (check authorized_keys, user, or server)"
785+ exit 1
786+ }
787+ if ($process.ExitCode -ne 0) {
788+ Write-Host "ERROR: SFTP client exited with code $($process.ExitCode)"
789+ exit 1
790+ }
744791
745- Write-Host "Test completed - key exchange appears to have worked "
792+ Write-Host "Test completed - key exchange and SFTP connection succeeded "
746793
747794 - name : Test SSH client connection
748795 working-directory : ${{ github.workspace }}\wolfssh
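Review bot: The new success message at the end of this hunk states that the SFTP connection succeeded, but the added checks only establish that no failure string matched and that `$process.ExitCode` is 0; nothing positively confirms that the session authenticated as `testuser` through the new `authorized_keys_test` file. The SFTP invocation is outside the hunk, so this is inferred, but because `testuser` is also created with a password, a pass could come from a different authentication path than the one this change is meant to cover. Consider asserting on an expected marker in the client output, e.g. `if ($output -notmatch '<EXPECTED_MARKER>') { Write-Host "ERROR: expected SFTP output missing"; exit 1 }` (placeholder pattern), or restricting the test server to public-key authentication. The enclosing step begins before the hunk.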